Closed ashishb-solo closed 6 months ago
I think the upstream references to fopen64
(at least, the only ones I can actually find) are all in the pre-compiled src/crypto/internal/boring/syso/goboringcrypto_linux_amd64.syso
(and src/crypto/internal/boring/syso/goboringcrypto_linux_arm64.syso
) files, so I think those would probably need to be recompiled to fix this? Perhaps via one of the "build" scripts in src/crypto/internal/boring/
?
(Either way, this is definitely an upstream bug, although one I don't know whether they'll prioritize very highly since Alpine/musl is not officially supported by the Go project. https://github.com/golang/go/issues/19938)
Thanks for your response @tianon. Since it seems unlikely that upstream Go/Boringssl will fix this, then perhaps there's a chance that this can get resolved in upstream Alpine since the library is supposed to be provided by the system. I went ahead and created an issue for it there: https://gitlab.alpinelinux.org/alpine/aports/-/issues/15573
It seems that upstream Alpine's plan is to recompile the problematic libraries, ie. src/crypto/internal/boring/syso/goboringcrypto_linux_amd64.syso
. This should fix upstream Alpine, however it will probably not resolve the issue in this docker image because the image installs go by downloading binaries from the upstream go projects and not the alpine package repositories (right?).
So I've opened an issue with golang upstream here and if it gets addressed there, then it should fix both Alpine and this image (hopefully :-P)...
https://github.com/golang/go/issues/64698#issuecomment-1856649087 is pretty darn definitive :sweat_smile: :heart:
Description
Builds that use cgo and boringssl appear to have regressed from alpine 3.18 to 3.19 - builds that worked successfully before now appear to provide the following linking error:
Significance
This issue is significant, because we believe that this is required for anyone using boringssl cryptography for FIPS compliance.
Reproduction
I was able to reproduce this using a minimal dockerfile - the example provided below should fail to build with the above error message:
Attempting to build this docker file results in the linker error that I quoted above. Changing the version tag from
golang:alpine3.19
togolang:alpine3.18
causes the build to complete successfully.Additional Context
We've dug a little bit into this issue and have found this interesting bit from the Alpine 3.19 release notes:
A quick scan of the libraries on both systems appears to indicate that the
fopen64
symbol has been removed from libc - see below. The first command scans libraries forfopen64
on alpine 3.18, and the second scans does the same on alpine 3.19, butfopen64
only appears on 3.18:Happy to help in any way that I can in resolving this, but am not completely sure where exactly to start.
fopen64
appears to have been removed for good from Alpine, so it's not immediately clear where this ought to be resolved